Visual analysis of complex firewall configurations

Authors:
Florian Mansmann;Timo Göbel;William Cheswick
Affiliations:
University of Konstanz;University of Konstanz;University of Konstanz
Venue:
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
Year:
2012

Citing 15
Cited 0

Firewalls and Internet security: repelling the wily hacker

Firewalls and Internet security: repelling the wily hacker
An evaluation of space-filling information visualizations for depicting hierarchical structures

International Journal of Human-Computer Studies - Empirical evaluation of information visualizations
Visualizing Network Data

IEEE Transactions on Visualization and Computer Graphics
Visualizing Association Rules for Text Mining

INFOVIS '99 Proceedings of the 1999 IEEE Symposium on Information Visualization
PortVis: a tool for port-based detection of security events

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
SnortView: visualization system of snort logs

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
prefuse: a toolkit for interactive information visualization

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Visual Firewall: Real-time Network Security Monito

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Preserving the Big Picture: Visual Network Traffic Analysis with TN

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Visual Correlation of Network Alerts

IEEE Computer Graphics and Applications
Mapping and visualizing the internet

ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Visual Analysis of Network Traffic for Resource Planning, Interactive Monitoring, and Interpretation of Security Threats

IEEE Transactions on Visualization and Computer Graphics
PolicyVis: firewall security policy visualization and inspection

LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
SpiralView: Towards Security Policies Assessment through Visual Correlation of Network Resources with Evolution of Alarms

VAST '07 Proceedings of the 2007 IEEE Symposium on Visual Analytics Science and Technology
A Survey of Visualization Systems for Network Security

IEEE Transactions on Visualization and Computer Graphics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Firewalls have become essential components in the security concept of almost any modern computer network. Due to their relevance and central location in the network, their programming logic often survives several generations of administrators and hardware. Understanding the logic behind a firewall configuration is thus an important but challenging task for a network administrator. In general, there is a tendency to add new rules while old rules are only rarely changed or removed due to unexpected consequences in the network. In this paper we present a visualization tool to support the network administrator in this complex task of understanding firewall rule sets and object group definitions. The tool consists of a hierarchical sunburst visualization, which logically groups rules or object groups according to their common characteristics, a color-linked configuration editor and classical tree view components for rules and object groups. All these components are interactively linked to enable both exploratory and hypotheses testing tasks aimed at understanding the complex functionality of a firewall configuration. To verify our design, we present two case studies on the analysis of rule usage and on nested object groups and collected feedback from five firewall administrators.